Wireless Network Security | AP Cybersecurity

AP Cybersecurity Topics › Wireless Security
Unit 3 • Topic 3.2 • Protecting Networks

Wireless Network Security: Encryption, MAC Filtering & Policies

Topic 3.2 covers protecting networks with managerial controls (security policies) and wireless security settings. Together they reduce the chance an adversary can join or eavesdrop on a network.

Contents

  1. Managerial controls (policies)
  2. Wireless security settings
  3. Real-world example
  4. Key terms
  5. Match it up
  6. Check for Understanding
  7. FAQ
Policiesrouter, switch, VPN, wireless
Encryptstrong wireless security
FilterMAC filtering, SSID control
Strong encryptionMAC filteringControl SSID
Wireless protections layer together; none is complete alone.

Managerial controls (policies)

Organizations set written policies that govern network devices: a router security policy, a switch security policy, a VPN policy, and a wireless security policy. These define required configurations and acceptable use before any technical setting is touched.

Policies matter because consistent, documented rules prevent the gaps attackers exploit, such as a forgotten default password on one device.

Scenario

An organization writes rules requiring all access points to use strong encryption and unique admin passwords. What kind of control is this?

Reveal answer

A managerial control, specifically a wireless security policy. It defines the required configuration before technical enforcement.

Exam tip

Policies are managerial controls. Wireless settings (encryption, MAC filtering, SSID broadcast) are technical controls. Questions ask you to match the right control to the goal.

Wireless security settings

Technical wireless protections include enabling strong wireless encryption, using MAC filtering to allow only approved devices, controlling SSID broadcast so the network name is not openly advertised, and disabling beacon frames. These raise the bar for an attacker trying to join or read the network.

None is a complete defense alone. MAC addresses can be spoofed and hidden SSIDs can be discovered, so these layer together (defense in depth).

Scenario

Is hiding the SSID enough to secure a wireless network?

Reveal answer

No. Hiding the SSID makes the network less visible, but a determined attacker can still discover it. It is one layer, best combined with strong encryption and MAC filtering.

Real-world example

Why weak Wi-Fi encryption was abandoned

Older wireless encryption was cracked so easily that organizations moved to stronger standards. Strong encryption is now the baseline, with MAC filtering and SSID control as supporting layers.

Strong encryption is the core; the rest are layers.

Key Terms

Wireless security policy A managerial control governing Wi-Fi configuration.
SSID The broadcast name of a wireless network.
MAC filtering Allowing only approved device addresses.
Beacon frame A broadcast that advertises a wireless network.

Match It Up

Tap a term, then tap its definition. Correct pairs lock in green.
Term
Definition
All matched. Nice work.

Common Mistakes

!

Confusing policies with settings

Policies are managerial controls; encryption and filtering are technical controls.

!

Trusting hidden SSID alone

A hidden network name can still be discovered; it is not real security by itself.

!

Believing MAC filtering is unbeatable

MAC addresses can be spoofed, so MAC filtering is a layer, not a wall.

!

Skipping strong encryption

Strong wireless encryption is the core protection; the rest are supporting layers.

Check for Understanding

Predict your answer before you tap. Click a choice to check it and read why.
Question 1
A written wireless security policy is which type of control?
B. A policy is a managerial control that defines required configuration and use.
Question 2 Predict first
Which is the core technical protection for a wireless network?
A. Strong wireless encryption is the primary protection; other settings are supporting layers.
Question 3
Which are wireless security settings? I. MAC filtering. II. Controlling SSID broadcast. III. Strong encryption.
D. All three are technical wireless protections in the framework.
Question 4 Predict first
Why is hiding the SSID not a complete defense?
B. A hidden SSID reduces visibility but can be discovered, so it is only one layer.
Question 5
MAC filtering can be bypassed because:
A. Attackers can spoof an approved MAC address, so filtering is a layer rather than a wall.
Question 6
A VPN policy and a router security policy are examples of:
C. They are written managerial controls governing how devices are configured and used.

Frequently Asked Questions

With managerial controls (router, switch, VPN, and wireless security policies) and technical settings like strong encryption, MAC filtering, and controlling SSID broadcast.
No. Hiding the network name reduces visibility but can be bypassed. It should be combined with strong encryption and other controls.
Yes. Attackers can spoof an allowed MAC address, so MAC filtering is one layer of defense rather than a complete solution.
← PreviousDoS & DDoS Attacks
Keep studying
All TopicsUnit 3 Study GuidePractice Questions

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]